How I can send all logs from journald to GCP Logging?

Your question provides no information about the system that generates the logs. On-prem, Google Cloud Compute Engine, etc. In most cases, Google Cloud Logging (aka Stackdriver) is the solution. https://cloud.google.com/logging/docs/agent/logging/installation

@JohnHanley journald is quite well known and that alone is sufficient information about the system. I can't find anything in Cloud Logging's docs that suggests it supports reading from the journal. It seems to support only plain text files. I think it could be done with the new Ops Agent though, as it will ingest JSON (finally) on a TCP listener and journald will export JSON to such a listener.

@MichaelHampton - I meant the service/system he is running on - Compute Engine, Kubernetes, etc. and that is important to specify. Cloud Logging aka Stackdriver supports journald.

@JohnHanley Really? Is there documentation of this?

@MichaelHampton - I cannot even find the word **journald** mentioned with Stackdriver. I have been using Google Cloud Logging for years and I have never done anything except for proper installation and permissions to see the journald entries in Logs Viewer. Now you have me doubting myself.

@JohnHanley Probably from syslog, as the journal on most systems is configured to export everything to syslog. The OP doesn't appear to have this option if he has no disk to write to. Not to mention that what gets written to syslog is a small subset of the actual journal entry; a lot of info just gets thrown away. It's also quite odd that, with virtually every Linux system using it, that apparently neither Cloud Logging nor Ops Agent can ingest from the journal directly. I'm hopeful to set up a JSON-TCP connection between journald and Ops Agent but I don't have time to do it right now.

@MichaelHampton - I just verified that you are correct. Cloud Logging is not exporting all journals entries. I used **systemd-cat** to write to journald and verified that the entry appeared in journald. Then I went to Cloud Logging and wait 10 minutes. The entry did not appear.

Just a plain Linux VM Compute Engine (not a Kubernetes)

If you haven’t already tried , can you try the steps mentioned in [Centralizing with Syslog](https://www.loggly.com/ultimate-guide/centralizing-with-syslog/) and verify if you can view the journald logs on the Cloud Logging dashboard.

I will try it and report, but it seems this will create 2 places where my logs will be stored on vm. In journald files and in /var/log/syslog I would like to avoid it.

I sit in a Tesla and translated this thread with Ai: